7 Best Practices for Password Security

With the internet being the gateway to countless lives, stories and businesses, our world is digitally evolving every single day. However, there is a polarity to everything in life, and the internet is no exception. Unprotected databases are breached regularly, and the passwords stolen from them pose a severe threat. Apart from making sure no one is watching as you type a password, there is a great deal more you can do to strengthen your defences against cyber-crime.

We have compiled a list of the top 7 imperative password security measures you and your team will need to keep the bad guys at arm’s length. As a bonus, we asked our Head of IT, Gerard Healy for some insight, so make sure you read on for expert tips!

#1 Do not reuse passwords

If you are guilty of using the same password across multiple sites, your password hygiene is so bad you will need a cyber-doctor. This habit may seem convenient at first, but if an attacker breaks into one of your accounts, every account sharing that password is at risk. A study by the Microsoft Threat Research Team in 2019 revealed that not only were 44 million users reusing their usernames and passwords, but also that most of these passwords were weak. A great way to start is to choose a strong password (see #2 for tips) for every main account you use and change them regularly. If you find it difficult to remember a different password for every site, use a password manager application.

EXPERT TIP : “Password managers can create passwords and securely store them for you. The passwords created will look like somebody has thrown a book at a keyboard – gibberish and long. The idea is that, if that password is compromised, it can’t be reused elsewhere. LastPass, Dashlane or 1Password are some great password manager options.”

#2 Adopt long passphrases

According to internet security firm SplashData, the most hacked passwords of 2019 were “12345,” “123456,” “123456789,” “abc123,” “qwerty,” “1111111,” and, believe it or not, the term “password”. Hackers use advanced cracking tools, so these common, easy-to-guess passwords will not deter them. A passphrase offers far stronger security than a conventional password. Passphrases such as “Work Excites Me 100%” are easy to remember and meet every complexity requirement. They are also very hard to crack, since most password-cracking tools become ineffective beyond 10 characters.

EXPERT TIP : “The longer the password, the harder it is to crack. Use complicated passwords like a phrase, like a book title, a song, a movie or quote. Replace letters with capitals, numbers (e.g. 0 instead of O) and special characters (e.g. ! instead of L).”
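The points in #1 and #2 can be turned into a concrete check. The following is an added example, not code from the article or from any password manager it names: it denylists the common passwords SplashData reported, estimates the brute-force search space a password presents (so a long passphrase visibly beats a short “complex” string), and generates the kind of unique random password a password manager would create for each site. The minimum length, the 2^60 threshold and the denylist contents are assumptions for illustration.

```python
import math
import secrets
import string

# Constructed denylist: the common passwords named in the article. A real
# deployment would use a large breached-password list, not seven entries.
COMMON_PASSWORDS = {
    "12345", "123456", "123456789", "abc123", "qwerty", "1111111", "password",
}

MIN_LENGTH = 14   # assumed policy value, not taken from the article
MIN_BITS = 60     # assumed threshold for the estimated search space


def charset_size(pw):
    """Size of the alphabet an attacker must search, based on which
    character classes actually appear in the password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += len(string.punctuation) + 1   # 32 printable symbols plus space
    return size


def estimated_bits(pw):
    """Upper bound on brute-force entropy: log2(alphabet ** length).
    Dictionary words lower the real figure, so treat this as a ceiling."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def check_password(pw):
    """Return the list of policy violations for pw; empty means it passes."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password denylist")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if estimated_bits(pw) < MIN_BITS:
        problems.append(f"estimated search space below 2^{MIN_BITS}")
    return problems


def generate_password(length=20):
    """What a password manager does for best practice #1: a unique random
    string per site, so a breach of one site cannot be replayed elsewhere."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ["12345", "qwerty", "Work Excites Me 100%", generate_password()]:
        print(f"{candidate!r}: ~{estimated_bits(candidate):.0f} bits, "
              f"violations: {check_password(candidate) or 'none'}")
```

“12345” fails all three checks at roughly 17 bits, while the article's passphrase “Work Excites Me 100%” passes at over 130 bits; length, not symbol substitution, is what moves the number.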

#3 Strategic periodic changes

According to research published by OneLogin, 2 in 5 Irish people do not change their passwords and are therefore susceptible to cybercrime. Given this alarming statistic, the most important password best practice is to change your passphrase every 3 months, or immediately after any potential threat. This locks out anyone who already holds your old password, protects you from potential attacks and makes the lists of usernames and passwords obtained through data breaches completely useless. However, it is important to note that changing your password too frequently may prompt you to reuse old passwords or even write them down, both of which are extremely risky.

EXPERT TIP : “The general rule of thumb is – the more valuable it is, the more frequently you should change it. If your credit card information is used on a specific website, you want to be changing that quite frequently. If it is just a normal website where no credit card details or personal information is stored, that could be done less frequently. The changing frequency is proportional to the risk associated.”

#4 Opt for Two-Factor Authentication

Two-factor authentication (2FA) is an added layer of security that requires you to confirm your identity before you are given access to your account. In a typical setup, the user receives a one-time password (OTP) via text message or email and must enter it in addition to the regular password, so that only the right person gets in. The idea behind 2FA is that guessing or cracking the password alone is not enough for an intruder to gain access. However, it is important to note that marking your device as trusted overrides the 2FA process and weakens your security.

EXPERT TIP : “Those of us who use online banking and/or shopping should already be somewhat familiar with the one-time passwords that are sent to us by SMS. This is 2-factor authentication (2FA). It greatly reduces the likelihood of being defrauded, as these passwords change each time and a hacker would need to get this information too.”

#5 Use Advanced Authentication Methods

While passwords are still the most common method of authentication, the shift to passwordless methods is gaining popularity. Biometric and facial recognition are available on mobile phones, while Identity-as-a-Service (IDaaS) can be used by employees to improve the security posture of the company. It is cloud-based authentication built and operated by a third-party provider for subscribing enterprises. With IDaaS, your workforce can have one-click access to all your websites and apps without having to create new passwords.

EXPERT TIP : “Where a website supports it, log in with your Google, Facebook, Apple or Office365 account instead of creating an account. These password services are likely to be more secure and it reduces the number of passwords that you need to remember.”

#6 Implement proper web security

Around 100 passwords are stolen every second, and you hand yours to attackers on a plate if you use unsecured Wi-Fi connections or devices that do not belong to you. Start by using only trusted devices and connections that you are confident are secure. In addition, stay away from phishing emails and malicious links. Install reputable anti-virus and anti-malware software on your devices and update it regularly to keep cyber-criminals at bay!

EXPERT TIP : “Don’t click links within an e-mail that you are suspicious of. Some links look like legitimate hyperlinks but can be a masked link to a criminal website. When in doubt, pick up the phone. A compromised credit card or fraudulent financial transaction will cost you a lot more than a phone call.”

#7 Protect Your Password List

We are all human, and remembering many different passwords is hard. In these situations you may be tempted to save them all in one place. Resist the urge. Never keep physical records of your passwords, so that a lost note cannot compromise your accounts. If you need to share your credentials with a colleague for something important, make sure the password is changed immediately afterwards. An encrypted USB flash drive is another way to keep your information safe and secure!

EXPERT TIP : “Never write a password down on a post-it or in a notebook or spreadsheet. A spreadsheet can be compromised even if password protected. Instead, use services like LastPass to securely manage your passwords.”